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Reference: 21242REG1011 


Dear Mr Mashabane 


Report of the Auditor-General on the financial statements and other legal and regulatory 

requirements of uMlalazi Municipality for the year ended 30 June 2011 

1 . The above-mentioned report of the Auditor-General is submitted herewith in terms of section 
21(1) of the Public Audit Act of South Africa read in conjunction with section 188 of the 
Constitution of the Republic of South Africa; section 121(3) of the Municipal Finance 
Management Act of South Africa (MFMA) 

2. In terms of section 121 (3) of the MFMA you are required to include the audit report in the 
municipality’s annual report to be tabled. 

3. Until the annual report is tabled as required by section 127(2) of the MFMA the audit report 
is not a public document and should therefore be treated as confidential. 

4. Prior to printing or copying the annual report which will include the audit report you are 
required to do the following: 

• Submit the final printer’s proof of the annual report to the relevant senior manager of the 
Auditor-General of South Africa for verification of the audit-related references in the audit 
report and for confirmation that the financial statements and other information are those 
documents that have been read and audited. Special care should be taken with the page 
references in your report, since an incorrect reference could have audit implications. 

• The signature Auditor-General in the handwriting of the auditor authorised to sign the 
audit report at the end of the hard copy of the audit report should be scanned in when 
preparing to print the report. This signature, as well as the place and date of signing and 
the Auditor-General of South Africa’s logo, should appear at the end of the report as in 
the hard copy that is provided to you. The official logo will be made available to you in 
electronic format. 

5. Please notify the undersigned Senior Manager well in advance of the date on which the 
annual report containing this audit report will be tabled. 

6. Your cooperation to ensure that all these requirements are met would be much appreciated. 
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Kindly acknowledge receipt of this letter. 


Yours sincerely 


Signed 



Ntombifuthi Precious Makaye 
Senior Manager: KZN 3 
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Fax: 

Email: 


Zaitun Bee Gaffair Shaik 
(033) 264 7400 
(033) 264 7596 
zaitung@agsa.co.za 


2 




REPORT OF THE AUDITOR-GENERAL TO KWAZULU-NATAL PROVINCIAL 

LEGISLATURE AND THE COUNCIL ON UMLALAZI MUNICIPALITY 

REPORT ON THE FINANCIAL STATEMENTS 

Introduction 

1 . I have audited the accompanying financial statements of the Umlalazi municipality, which 
comprise statement of financial position as at 30 June 2011 , and the statement of financial 
performance, statement of changes in net assets and cash flow statement for the year then 
ended, and a summary of significant accounting policies and other explanatory information 
as set out on pages ... to .... 

Accounting officer’s responsibility for the financial statements 

2. The accounting officer is responsible for the preparation and fair presentation of the 
financial statements in accordance with South African Standards of Generally Recognised 
Accounting Practice (SA Standards of GRAP) and the requirements of the Local 
Government: Municipal Finance Management Act of South Africa (Act NO. 56 of 

2003) (MFMA) and Division of Revenue Act of South Africa (Act No. 1 of 2010)(DORA), and 
for such internal control as management determines necessary to enable the preparation of 
financial statements that are free from material misstatement, whether due to fraud or error. 

Auditor-General’s responsibility 

3. As required by section 1 88 of the Constitution of the Republic of South Africa, 1 996 (Act 
No. 1 08 of 1 996) and, section 4 of the Public Audit Act of South Africa, 2004 (Act No. 25 of 

2004) (PAA) and section 126(3) of the MFMA, my responsibility is to express an opinion on 
these financial statements based on my audit. 

4. I conducted my audit in accordance with International Standards on Auditing and General 
Notice No.11 11 of 2010 issued in Government Gazette No. 33872 of 15 December 2010. 
Those standards require that I comply with ethical requirements and plan and perform the 
audit to obtain reasonable assurance about whether the financial statements are free from 
material misstatement. 

5. An audit involves performing procedures to obtain audit evidence about the amounts and 
disclosures in the financial statements. The procedures selected depend on the auditor’s 
judgement, including the assessment of the risks of material misstatement of the financial 
statements, whether due to fraud or error. In making those risk assessments, the auditor 
considers internal control relevant to the municipality’s preparation and fair presentation of 
the financial statements in order to design audit procedures that are appropriate in the 
circumstances, but not for the purpose of expressing an opinion on the effectiveness of the 
municipality’s internal control. An audit also includes evaluating the appropriateness of 
accounting policies used and the reasonableness of accounting estimates made by 
management, as well as evaluating the overall presentation of the financial statements. 

6. I believe that the audit evidence I have obtained is sufficient and appropriate to provide a 
basis for my audit opinion. 



Opinion 


7. In my opinion, the financial statements present fairly, in all material respects, the financial 
position of the Umlalazi local municipality as at 30 June 201 1 and its financial performance 
and cash flows for the year then ended in accordance with SA Standards of GRAP and the 
requirements of the MFMA and DORA. 

Emphasis of matter 

8. I draw attention to the matter below. My opinion is not modified in respect of this matter: 

Irregular expenditure 

9. As disclosed in note 31 to the financial statements, irregular expenditure for the payment of 
performance bonuses accumulating to R 683,109 was incurred due to non-compliance with 
the Municipal Systems Act. 

Additional matter 

10. 1 draw attention to the matter below. My opinion is not modified in respect of this matter: 

Unaudited supplementary schedules 

1 1 . The supplementary information set out on pages XX to XX does not form part of the 
financial statements and is presented as additional information. I have not audited these 
schedules and, accordingly, I do not express an opinion thereon. 

REPORT ON OTHER LEGAL AND REGULATORY REQUIREMENTS 

12. In accordance with the PAA and in terms of General Notice No.1111 of 2010, issued in 
Government Gazette No. 33872 of 15 December 2010, 1 include below my findings on the 
annual performance report as set out on pages ... to ... and material non-compliance with 
laws and regulations applicable to the municipality. 

Predetermined objectives 

Presentation of information 

13. The following criteria is relevant to the finding below 

• Performance against predetermined objectives is reported using the National Treasury 
guidelines. 

The following audit findings relate to the above criteria: 

14. The municipality did not include a comparison of performance targets in the current year 
with targets set for the prior year as required by section 46(1) (b) of the Municipal Systems 
Act. 



Usefulness of information 


15. The following criteria are relevant to the findings below: 

• Measurability: Indicators are well-defined and verifiable, and targets are specific 
measurable and time-bound 

• Consistency: Objectives, indicators and targets are consistent between plannina and 
reporting documents 


The following audit findings relate to the above criteria: 

Planned and reported targets are not measurable and time bound (Measurability) 

16. For the selected objectives, 30% of the planned and reported targets were not measurable 
in identifying the required performance. 

17. For the selected objectives, 30% of the planned and reported targets were not time-bound in 
specifying the time period or deadline for delivery. 


Reported objectives, indicators and targets are not consistent and complete when 
compared with the planned objectives, indicators and targets (Consistency) 

18. Reported performance against predetermined objectives, indicators and targets Is not 
consistent with the approved integrated development plan. 

Changes to planned objectives, indicators and targets were not approved (Consistency) 

19. Additional and different objectives, indicators and targets were reported on as opposed to 
the approved integrated development plan. These additional and different objectives, 
indicators and targets were not included in the approved or adjusted budgets and were not 
approved subsequent to the strategic planning process. 

Reliability of information 

20. The following criteria are relevant to the findings below: 

• Validity: Actual reported performance has occurred and pertains to the entity. 

• Accuracy: Amounts, numbers and other data relating to reported actual performance 
have been recorded and reported appropriately 

• Completeness: All actual results and events that should have been recorded have her n 
included in the annual performance report 



The following audit findings relate to the above criteria: 


Reported performance against targets is not valid, accurate and complete when 
compared to source information 

21. For the selected objectives, 23% of the reported targets were not valid, accurate and 
complete based on the source information or evidence provided. 


Compliance with laws and regulations 

Included below are findings on material non-compliance with laws and regulations applicable to 

the municipality. 

Internal Audit 

22. The internal audit unit did not provide the risk based audit plan and audit program to the 
audit committee or the accounting officer as required by section 165 of the MFMA. 

Procurement and contract management 

23. A risk assessment process was not performed as required by regulation 41(2). 

24. The National Treasury’s database is not consulted prior to awarding a contract as required 
by regulation 38(1). 

25. Persons who are in service of the state have not disclosed that they were employed by the 
state and have been transacting with the municipality, in contravention with section 44 of the 
Municipal Supply Chain Management (SCM) Regulations. 

Strategic planning and performance management 

26. The municipality did not implement a framework that describes and represents how the 
municipality’s cycle and processes of performance planning, monitoring, measurement, 
review, reporting and improvement will be conducted, organised and managed, including 
determining the roles of the different role players as required by sections 38, 41(d), 42 and 
46 (1) ( c), of the Municipal Systems Act of South Africa, 2000 (Act No.32 of 2000) (MSA) 
and Municipal Planning and Performance Management Regulations 6 of the Municipal 
Planning and Performance Regulations, 2001. 



Annual financial statements, performance and annual report 

27. The annual financial statements submitted for audit did not comply with section 122 of the 
MFMA as material misstatements were identified during the audit, which were corrected by 
management. 

Expenditure Management 

28- The accounting officer did not take effective steps to prevent irregular expenditure as per 
the requirements of section 62 (b) of the MFMA. 

Internal Control 

29. In accordance with the PAA and in terms of General Notice No. 1111 of 2010, issued in 
Government Gazette No. 33872 of 15 December 2010, 1 considered internal control relevant 
to my audit, but not for the purpose of expressing an opinion on the effectiveness of internal 
control. The matters reported below are limited to the significant deficiencies that resulted in 
the findings on the annual performance report and the findings on compliance with laws and 
regulations included in this report. 

• Leadership 

The accounting officer did not exercise oversight responsibility over the procurement of 
goods and services to ensure that they complied with the requirements of Municipal 
SCM Regulations. M 

The municipal council did not exercise oversight responsibility over the preparation of 
the organisational performance scorecard to ensure that it contains indicators which are 
well defined and verifiable and targets which are measurable and time-bound. 

■ Financial and performance management 

The accounting officer has not established controls to monitor the payment of 
performance bonuses in terms of section 62 (b) of the MFMA. 

The accounting officer has not performed a proper review of the annual performance 
report to ensure that approved indicators and targets are consistently and completely 
recorded. 

The accounting officer has not performed a proper review of the annual financial 
statements to ensure that valid, accurate and complete reporting of financial information 
is adhered to as required by section 122 of the MFMA. 

• Governance 

The internal audit unit did not provide the risk based audit plan and audit program to the 
audit committee or the accounting officer as required by section 165 of the MFMA. 


OTHER REPORTS 
Investigations 

30. Investigations from prior year relating to an investigation undertaken by the Department of 
Cooperative Governance and Traditional Affairs is still in progress at the municipality and 
investigations for the current year undertaken by the Department of Economic Development 
and Tourism are also in progress in respect of the procurement management process. 


Pietermaritzburg 
30 November 201 1 



AUDITOR-GENERAL 
SOUTH AFRICA 

Auditing to build public confidence 
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FINAL MANAGEMENT REPORT TO THE ACCOUNTING OFFICER ON THE AUDIT OF THE 
UMLALAZI MUNICIPALITY FOR THE YEAR ENDED 31 MARCH 2011 

INTRODUCTION 


1 . This management report includes audit findings arising from the audit of the financial 
statements, reporting on predetermined objectives and compliance with laws and regulations 
for the year ended 30 June 201 1 which were communicated to management and includes their 
response to these findings. The report also includes information on the internal control 
deficiencies that were identified. Addressing these deficiencies will assist in ensuring an 
improvement in the audit outcomes. 

2. The management report consists of executive summary and detailed audit findings which are 
contained in annexure A and B. 

THE AUDITOR-GENERAL’S RESPONSIBILITIES 

3. As required by section 188 of the Constitution of the Republic of South Africa, 1996 (Act No. 

108 of 1996) and, section 4 of the Public Audit Act of South Africa, 2004 (Act No. 25 of 2004) 
(PAA) and section 126(3) of the Local Government, Municipal Finance Management Act, 2003 
(Act No. 56 of 2003)(MFMA), our responsibility is to express an opinion on the financial 
statements and to report on findings relating to our audit of the report on predetermined 
objectives and compliance with material matters in laws and regulations applicable to the 
entity. Our engagement letter sets out our responsibilities in detail. These include the following: 

• Performing procedures to obtain audit evidence about the amounts and disclosures in the 
financial statements, the report on predetermined objectives and compliance with laws 
and regulations applicable to the entity. The procedures selected depend on our 
judgement, including the assessment of the risks of material misstatement of the financial 
statements, the report on predetermined objectives and material non-compliance with 
laws and regulations. 

• Considering internal controls relevant to the entity’s preparation and fair presentation of 
the financial statements, the report on predetermined objectives and compliance with 
laws and regulations. 

• Evaluating the appropriateness of accounting policies used and the reasonableness of 
accounting estimates made by management. 

• Evaluating the appropriateness of systems and processes that ensure the accuracy and 
completeness of the financial statements, the report on predetermined objectives and 
compliance with laws and regulations. 

4. Because of the test nature and other inherent limitations of an audit, we do not guarantee the 
completeness and accuracy of the financial statements or the report on predetermined 
objectives or compliance with all applicable laws and regulations. 

5. Having formed an opinion on the financial statements, we may include additional 
communication in the auditor’s report that does not have an effect on the auditor's opinion. 

These may include: 

• an emphasis of matter paragraph to draw users’ attention to a matter presented or 
disclosed in the financial statements which is of such importance that it is fundamental to 
their understanding of the financial statements. 

• an additional matter paragraph to draw users’ attention to any matter, other than those 
presented or disclosed in the financial statements, that is relevant to users’ understanding 
of the audit, the auditor’s responsibilities or the auditor’s report. 


THE ACCOUNTING OFFICER’S RESPONSIBILITIES 

6. The accounting officer’s responsibilities are set out in detail in the engagement letter Thesp 

include the following: 

• I h ® P r ®P® ration and fa ' r presentation of the financial statements in accordance with the 
roiof" nC8n Standards of Generally Recognised Accounting Practice. (SA Standards of 

UKAr). 

• Planning, monitoring of and reporting on performance against predetermined objectives. 

• Review and monitoring of compliance with laws and regulations and disclosing known 
instances of non-compliance or suspected non-compliance with laws and regulations. 

• Designing, implementing and maintaining proper record keeping and internal controls 
necessary to enable the preparation of financial statements and the report on 
predetermined objectives that are free from material misstatement whether due to fraud 
or error, and compliance with laws and regulations. 

• Designing and implementing formal controls over IT systems to ensure the reliability of 
the systems and the availability, accuracy and protection of information. 

• Implementing appropriate risk management activities to ensure that regular risk 
assessments are conducted. 

• Disclosing all matters concerning any risk, allegation or instance of fraud. 

• Accounting for and disclosing related-party relationships and transactions. 

• Providing access to all information that is relevant to the preparation of the financial 
statements and performance information, such as records and documents. 


EXECUTIVE SUMMARY 1 

' —* * . i 


SECTION 1: Meetings with oversight bodies and those chained with governance 


7. During the audit cycle we met with key stakeholders to communicate matters relating to the 
audit outcomes of the municipality and emerging risks. Insight was provided on the key controls 
that impact these audit outcomes to enable corrective action to be taken. 

8. Meetings were conducted as follows: 


9. 


• Executive authority [30 th September 2011] 


Accpunting officer [8 th June 201 1, 2 th September 201 1 , 28 th September 201 1 19 th October 
201 1 ; 25 th October 201 1 ; 8 th November 201 1 , 15 th November 201 1] 

Audit committee [18 th October 2010, 08 th April 2011, 22 th July 201 1] 


At these meetings commitments were made to address improvements in the internal control 
environment with the objective of achieving clean administration. Progress made on these 
commitments is discussed later in this report. mdueontnese 
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PART B - MATTERS TO BE BROUGHT TO THE ATTENTION OF THE USERS 
EMPHASIS OF MATTER PARAGRAPHS 

An emphasis of matter paragraph will be included in our auditor’s report to highlight the following 
matters to the users of the financial statements: 

Irregular expenditure 

11. As disclosed in note 31 to the financial statements, the payment for performance bonuses of 
R683.109 made in July 2011 was in contravention of section 57 (4B) of the Municipal Systems 
Act for 2009/2010. 


ADDITIONAL MATTER PARAGRAPHS 

An additional matter paragraph will be included in our auditor's report to highlight the following 
matters to the users of the financial statements: 

Unaudited supplementary schedules 

12. The supplementary information set out on page 40-47 does not form part of the financial 
statements and is presented as additional information. I have not audited these schedules and 
accordingly I do not express an opinion thereon. 


PART C - REPORT ON OTHER LEGAL AND REGULATORY REQUIREMENTS 
FINDINGS ON THE REPORT ON PREDETERMINED OBJECTIVES 

Included below are the findings raised during our audit of the report on predetermined objectives. 

Predetermined objectives 
Presentation of information 

13. The following criteria is relevant to the finding below 

• Performance against predetermined objectives is reported using the National Treasury 
guidelines. 


14. The municipality did not include a comparison of performance targets in the current year with 
targets set for the prior year as required by section 46(1) (b) of the Municipal Systems Act. 

Usefulness of information 

15. The following criteria are relevant to the findings below: 

• Measurability: Indicators are well-defined and verifiable, and targets are specific, 
measurable and time-bound 

• Consistency: Objectives, indicators and targets are consistent between planning and 
reporting documents 




Planned and reported targets are not measurable and time bound (Measurability) 

16. For the selected objectives, 30% of the planned and reported targets were not measurable in 
identifying the required performance. 

17. For the selected objectives, 30% of the planned and reported targets were not time-bound in 
specifying the time period or deadline for delivery. 

Consistency of information 

Reported objectives, indicators and targets are not consistent and complete when 
compared with the planned objectives, indicators and targets (Consistency) 

18. Reported performance against predetermined objectives, indicators and targets is not 
consistent with the approved integrated development plan. 

Changes to planned objectives, indicators and targets were not approved (Consistency) 

19. Additional and different objectives, indicators and targets were reported on as opposed to the 
approved integrated development plan. These additional and different objectives, indicators 
and targets were not included in the approved or adjusted budgets and were not approved 
subsequent to the strategic planning process. 

Reliability of information 

20. The following criteria are relevant to the findings below: 

• Validity: Actual reported performance has occurred and pertains to the entity. 

• Accuracy: Amounts, numbers and other data relating to reported actual performance have 
been recorded and reported appropriately 

• Completeness: All actual results and events that should have been recorded have been 
included in the annual performance report 


Reported performance against targets is not valid, accurate and complete when compared 
to source information 

21 . For the selected objectives, 23% of the reported targets were not valid, accurate and complete 
based on the source information or evidence provided. 


FINDINGS ON COMPLIANCE WITH LAWS AND REGULATIONS 

Included below are findings on material non-compliance with laws and regulations applicable to the 
municipality. 

Internal Audit 

22. The internal audit unit did not provide the risk based audit plan and audit program to the audit 
committee or the accounting officer as required by section 165 of the MFMA. 

Procurement and contract management 

23. A risk assessment process was not performed as required by regulation 41(2). 




24. The National Treasury’s database is not consulted prior to awarding a contract as required bv 

regulation 38(1). J 

25. Persons who are in service of the state have not disclosed that they were employed by the 
state and have been transacting with the municipality, in contravention with section 44 of the 
supply chain management (SCM) regulations. 

Strategic planning and performance management 

26. The municipality did not implement a framework that describes and represents how the 
municipality’s cycle and processes of performance planning, monitoring, measurement, review 
reporting and improvement will be conducted, organised and managed, including determining 
the roles of the different role players as required by sections 38, 39, 40 and 41 of the Municipal 
Systems Act of South Africa, 2000 (Act No.32 of 2000) (MSA) and Municipal Planning and 
Performance Management Regulations 7 and 8 of the Municipal Planning and Performance 
Regulations, 2001. 

Annual financial statements, performance and annual report 

27. The financial statements submitted for audit did not comply with section 122 of the MFMA. 
Material misstatements were identified during the audit, which were corrected by management. 

Expenditure Management 

28. The accounting officer did not take effective steps to prevent irregular expenditure as per the 
requirements of section 62 (b) of the MFMA. 


INTERNAL CONTROL 

Achievement of internal control objectives 

29. Significant deficiencies that resulted in the basis for the [qualified/adverse/disclaimedj opinion, 
findings on the report on predetermined objectives and findings on compliance with laws and 
regulations are summarised below. Detailed information on significant internal control 
deficiencies is provided in section 5 of this report. 

• Leadership 

The accounting officer did not exercise oversight responsibility over the procurement of 
goods and services to ensure that they complied with the requirements of Municipal SCM 
Regulations. 

The municipal council did not exercise oversight responsibility over the preparation of the 
organisational performance scorecard to ensure that it contains indicators which are well 
defined and verifiable and targets which are measurable and time-bound. 

* Financial and performance management 

The accounting officer has not established controls to monitor the payment of performance 
bonuses in terms of section 62 (b) of the MFMA. 


The accounting officer has not performed a proper review of the annual performance report 
to ensure that approved indicators and targets are consistently and completely recorded. 

The accounting officer has not performed a proper review of the annual financial 
statements to ensure that valid, accurate and complete reporting of financial information is 
adhered to as required by section 122 of the MFMA. 
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• Governance 


The internal audit unit did not provide the risk based audit plan and audit program to the 
audit committee or the accounting officer as required by section 165 of the MFMA. 


PART B - DETAILS CONCERNING THE ACHIEVEMENT OF INTERNAL CONTROL 
OBJECTIVES OF THE INFORMATION SYSTEMS AUDIT OF THE GENERAL CONTROLS AT 
THE UMLALAZI LOCAL MUNICIPALITY 


LEADERSHIP 

Oversight responsibility regarding reporting and compliance 

• Reviews of system controllers and system users were not ensured due to the fact that there 
were no formally documented and approved standards and procedures. 

• Due to budget constraints, the server was hosted at the financial officer’s office where the 
necessary physical and environmental controls were not properly managed. 


Effective human resource management 

Due to the lack of IT skills at the municipality, the operating system security settings were not 
adequately set. 


Implementation of policies and procedures 

• Appropriate key controls not implemented as the municipality did not realise the importance of 
establishing information technology (IT) governance control framework to ensure that IT 
specific risks would be identified and managed timeously. 

• Appropriate key controls not implemented as the municipality had not established Service 
Level Agreements (SLAs) with all IT service providers due to the non realisation of the 
importance of having such agreements. 

• Due to the lack of the IT governance framework and awareness on the management side, the 
IT security was inadequate and lack updates as it did not include all the minimum aspects. 

• Appropriate key controls not implemented as there was no information security officer at the 
municipality due to the fact that the IT governance framework had not been established to 
ensure that information security functions would be formally delegated to a fit and proper 
individual. 

• Appropriate key controls not implemented since management had not established program 
change control/process to ensure that changes would be initiated, evaluated and approved in 
an appropriate manner. Moreover, Patch management procedures had also not been 
developed to ensure that patches would be tested and deployed accordingly. This was due to 
the lack of the IT governance framework. 

• Appropriate key controls not implemented as the user account management standards and 
procedures had not been established due to management oversight. The absence of the user 
account management standards and procedures resulted in the municipality creating users on 
the system without any source documents. 

• Appropriate key controls not implemented as management had not formally approved a 
Business Continuity Plan (BCP), Disaster Recovery Plan (DRP) and adequate backup 
processes due to the lack of the IT governance framework at the municipality. 



GOVERNANCE 


The risk identification and management processes were inadequate due to the unavailability of a 
skilled person to perform such risk assessments. 


PART D - OTHER REPORTS 

INVESTIGATIONS 

30. Investigations in progress 


Description (include information on 
types of transgressions being 
investigated) 

Reason 

Supply chain 
management 

Fraud 

Financial 

misconduct 

there is investigation still carrying on at 
the municipality pending from prior year by 
the Department of Cooperative 

Governance and Traditional Affairs. 



✓ 

there is also pending investigations by the 
Department of Economic Development and 
Tourism regarding the procurement 
process followed for contractors appointed 
for the Eshowe Bus Rank. 

s 




31 . Investigations completed during the financial year 


Description (include information on 
types of transgressions being 
investigated) 

Reason 

Supply chain 
management 

Fraud 

Financial 

misconduct 

None 





Accounting and compliance matters 

32. National Treasury Preferential Procurement Regulations, 2011 has been issued in terms of the 
section 5 of the Preferential Procurement Policy Framework Act of South Africa, 2000 (Act 
No. 5 of 2000). These regulations will impact on the municipality’s supply chain management 
policies and processes and management must ensure that it updates policies and processes to 
include the new procurement regulations. 






SECTION 4: SPECIFIC FOCUS AREAS 


PART A - SIGNIFICANT FINDINGS FROM THE AUDIT OF PROCUREMENT AND CONTRACT 
MANAGEMENT 

Awards to persons in the service of the state 

33. Eighteen awards to the value of R 1,758,140 were made to persons or entities whose members 
were in the service of other state institutions. Such awards are prohibited by the SCM policy 
and SCM regulation 44 and constitute irregular expenditure. 


Procurement processes and contract management 

The table below provides a summary of other findings on procurement and contract 
management as well as limitations experienced in performing the audit procedures relating to 
the audit findings. It provides an indication on the identified number of instances (#) of findings 
or limitations and the related rand value of the awards. 


Detail 

1 

1 Findings 

Limitations 


R- value 



Other findings 



■ 


Awards made to persons in service of the state 


1,758,140 




Fundamental controls 


The table below provides a summary of our findings on the significant control deficiencies in 
procurement and contract management that should be addressed. 


Governance 


Processes are not established for officials in the SCM unit to detect fraudulent declarations and 
alleged irregular conduct in the SCM system. 





SECTION 5: SIGNIFICANT DEFICIENCIES IN INTERNAL CONTROL 

PART A - ASSESSMENT OF THE ACHIEVEMENT OF CONTROL OBJECTIVES 

34. The achievement of the objectives of internal control is demonstrated by the implementation of 
key controls. The assessment below is based on significant deficiencies relating to the fair 
presentation of the financial statements, material misstatements corrected as a result of the 
audit, findings on predetermined objectives and findings on non-compliance with laws and 
regulations. Significant deficiencies occur when internal controls either do not exist or are not 
appropriately designed to address the risk or are not implemented and which either had or 
could cause the financial statements or report on predetermined objectives to be materially 
misstated and material non-compliance with laws and regulations to occur. When a significant 

deficiency is not applicable, it is assessed with a © to indicate that the deficiency still 

exists but significant progress had been made to address it, white @ indicates that urgent 
attention to the matter is required. Part B gives additional information on the deficiencies that 
should be addressed. Other deficiencies in internal control, which require the attention of 
management, are included in the detailed findings attached to this report. 
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3 Audit dimensions 

Fundamentals 
of internal control 

Financial 

Perfonmanc 

objectives 

re Compliance 
with laws 
and 

regulations 

"I 

Assessment 


Leadership 


• Provide effective leadership based on a culture of honesty, ethical business 
piactices and good governance, protecting and enhancing the best 
interests of the entity 

• 


• 


• Exercise oversight responsibility regarding financial and performance 
reporting and compliance and related internal controls 

# 

m 

• 


• Implement effective HR management to ensure that adequate and 
sufficiently skilled resources are in place and that performance is monitored 

© 

• 

• 


• Establish and communicate policies and procedures to enable and support 
understanding and execution of internal control objectives, processes, and 
responsibilities 

© 

• 

© 


• Develop and monitor the implementation of action plans to address internal 
control deficiencies 

© 

* 

• 


* Establish an IT governance framework that supports and enables the 
business, delivers value and improves performance 

© 

t 

• 

Financial and performance management 


* Implement proper record keeping in a timely manner to ensure that 
complete, relevant and accurate information is accessible and available to 
support financial and performance reporting 

• 

b 

• 

• Implement controls over daily and monthly processing and reconciling of 
transactions 

r© 

© 

• 

• Prepare regular, accurate and complete financial and performance reports 
that aie supported and evidenced by reliable information 

© 


© 

• Review and monitor compliance with applicable laws and regulations 

# 

© 

© 

• Design and implement formal controls over IT systems to ensure the 
reliability of the systems and the availability, accuracy and protection of 
information 

• f 

§ 

© 

Governance 


• implement appropnafe risk management activities to ensure that regular 
nsk assessments, including consideration of IT risks and fraud prevention, 
are conducted and that a nsk strategy to address the risks is developed and 
monitored 

© i 

» 

© 

• Ensure that there is an adequately resourced and functioning internal audit 
unit that identifies internal control deficiencies and recommends corrective 
action effectively 

# 1 

l 

© 

• Ensure that the audit committee promotes accountability and service 
delivery through evaluating and monitoring responses to risks and providing 
oversight over the effectiveness of the internal control environment 
including financial and performance reporting and compliance with laws 
and regulations 

© I 

3> 

© 




PART B - DETAILS CONCERNING THE ACHIEVEMENT OF INTERNAL CONTROL 

OBJECTIVES 

LEADERSHIP 

Implementation of policies and procedures 

35. Those charged with governance and leadership did not establish and communicate fraud 
policies and procedures to enable and support understanding and execution of internal control 
objectives, processes, to ensure that risk of fraud is reduced to an acceptable level. 

36. Management did not establish and communicate policies and procedures to employees to 
enable and support understanding on the procedures and guidelines to be followed by the 
employees relating to leave. 


FINANCIAL AND PERFORMANCE MANAGEMENT 

Adoption of accounting policies 

37. Inadequate implementation of GRAP 19 Leave provisions. 

Monitoring of compliance with laws and regulations 

38. Inadequate review and monitoring of controls in place to ensure compliance with SCM rea 23 
reg 15, reg 38 and MFMA sec 112(1) (c). 

39. Management has not exercised adequate oversight responsibility over compliance with laws 
and regulations required by section 44 of the SCM by trading with suppliers whose members 
are in the service of the state. 

40. Management did not prepare accurate and complete financial and performance reports that are 
supported and evidenced by reliable information. 

41. Inadequate controls over the monthly processing and reconciling of transactions in respect of 
accounts payables to ensure that the correct balance is reported at year end. 

42. Management did not take appropriate corrective actions to ensure that a strategic plan for the 
development of the municipality is timely submitted to the council for approval and adoption 
thereby ensuring compliance applicable laws and regulations of the MSA. 

43. Management did not adequately monitor or review the performance management 
framework resulting in a non compliance with section 38 (a-c) of the MSA. 

44. Inadequate review and monitoring with section 46 of MSA to ensure that there are appropriate 
controls to address the alignment of annual performance report, IDP and SDBIP 

45. Inadequate review and monitoring of controls is undertaken by management to ensure that 
comparison of prior year performance results are accurate and complete required by section 46 
of the MSA. 

46. Management did not prepare complete SDBIP that is informed by performance targets that are 
supported and evidenced by reliable information. 




GOVERNANCE 


47. Overeight responsibility is not undertaken by the audit committee through evaluating and 
monitoring responses to risks and providing oversight over the effectiveness of the internal 
control environment including financial and performance reporting and compliance with laws 
and regulation. 


PART C - ACTIONS TAKEN TO ADDRESS MATTERS PREVIOUSLY REPORTED 
Accounting officer 

48. The accounting officer has not taken adequate steps to ensure that findings in the areas of 
predetermined objectives are adequately addressed from prior years: 

• Alignment of the annual performance report, IDP and SDBIP 

• Implement measures to improve performance 


49. The accounting officer has taken adequate steps to insure that findings in the areas of suddIv 
chain management are addressed from prior years. 1 


SECTION 5: ENTITIES CONTROLLED BY THE MUNICIPALITY 

1 . In terms of the MFMA, the municipality has certain oversight responsibilities regarding the 
municipal entities it controls. The audit outcomes of the municipal entities controlled by the 
municipality are summarised below: 


Name of entity 

Anticipated audit opinion 

Financial 

statement 

opinion 

Findings 

on 

Predeterm 

ined 

objectives 

(“Yes”/“N 

o") 

Findings 

on 

Complianc 

e 

(“Yes’7“N 

o”) 

Areas in which there were significant 
deficiencies in internal control 

Leadership 

Financial 

and 

performanc 

e 

managemen 

t 

Governanc 

e 

Not applicable 

















SECTION 6: RATINGS OF DETAILED AUDIT FINDING S ' “ 

50. For the purposes of this report, the detailed audit findings included in annexure A to C have 
been classified as follows: 

• Matters to be included in the auditor’s report - These matters should be addressed as a 
matter of urgency. 

• Other important matters - These matters should be addressed to achieve clean 
administration. 

• Administrative matters - These matters are unlikely to affect the decisions of the users of 
the financial statements or performance information and should be addressed at the 
discretion of the entity. 




| SECTION 7: CONCLUSION " ' 



51 . The matters communicated throughout this report relate to the three fundamentals of internal 
control which should be addressed to achieve sustained clean administration. The AGSA staff 
remains committed to assisting in the process of identifying and communicating good practices 
to improve governance and accountability, so as to build public confidence in government’s 
ability to account for public resources in a transparent manner. 


Yours sincerely 



Mrombifuthi Makaye 
Senior Manager 


30 November 201 1 


Enquiries: Zaitun Bee G affair Shaik 

Telephone: 033 264 7414 

Fax: 033 264 7596 

Email: 


Distribution: 

Mayor 

CFO 

Audit committee 
Head of internal audit 
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DETAILED AUDIT FINDINGS 


ANNEXURE A: MATTERS AFFECTING THE AUDITOR’S REPORT 


Emphasis of matter 
Employee costs 

1. EX.35 - Irregular Expenditure- Performance Bonuses 2009/10 


Audit finding 

Section 62(b) of the MFMA No 56 of 2003 states the following: 

The accounting officer of a municipality is responsible for managing the financial administration of 
the municipality, and must for this purpose take all reasonable steps to ensure that full and proper 
records of the financial affairs of the municipality are kept in accordance with any prescribed norms 
and standards. 

Section 131 of the MFMA states that the municipality must address any issues raised by the 
Auditor-General in an audit report. The mayor of a municipality must ensure compliance bv the 
municipality. 1 


During the audit of 2009/10, performance bonuses amounting to R 683,109 were paid to the 
section 57 managers resulting in the contravention of Municipal Systems act S57 (4B) and this 
matter was reported during the 2009/1 0 audit. 


Furthermore, we have noted that this amount for performance bonuses was not disclosed in thp 
financial statements of 2010/1 1 . 


Internal control deficiency 

Financial and Performance Management 

Inadequate reviews and monitoring by management for the compliance with the applicable laws 
and regulations for the payment of performance bonuses in terms of section 62 (b) of the MFMA. 

Recommendation 

Adequate reviews and monitoring should be performed by management for the compliance with 
the applicable laws and regulations for the payment of performance bonuses in terms of section 62 
(b) of the MFMA. 

Management must disclose the irregular expenditure in the financial statements as the expenditure 
was actually incurred during the 201 0/1 1 financial year. 

Management response 

The performance bonuses for the 2009-10 year have been disclosed as irregular expenditure on 
the annual financial statements. 

Auditor’s conclusion 

Management response has been noted; however this matter will be reported in the audit report. 





0/>f 


2. EX.2 - No internal audit plan in existence 


Audit finding 

Section 165 of the Municipal Finance Management Act No 56 of 2003, states the following, 

(1) Each municipality and each municipal entity must have an internal audit unit 

(2) The internal audit unit of a municipality or municipal entity must— 

(a) prepare a risk-based audit plan and an internal audit program for each financial year”. 

During the audit we have noted that the internal audit function did not submit the risk based audit 
plan and audit program to the audit committee or the accounting officer for review resulting in the 
internal audit unit not performing it’s duties as outlined in their terms of reference. 

Furthermore, this has resulted in the non -compliance with the applicable requirements of section 
1 65 of MFMA. 

Internal control deficiency 
Leadership 

Inadequate oversight responsibility by leadership for the functioning of the internal audit unit in 
respect of the preparation and submission of the internal audit risk-based audit plan as required m 
compliance with section 165 of the MFMA. 

Financial and performance management 

Inadequate reviews and monitoring of compliance by management with the applicable laws and 
regulations governing the internal audit risk-based audit plan as required in compliance with 
section 165 of the MFMA. 

Recommendation 

Leadership 

Adequate oversight responsibility should be performed by leadership for the functioning of the 
internal audit unit in respect of the preparation and submission of the internal audit risk-based audit 
plan as required in compliance with section 165 of the MFMA. 

Financial and performance management 

Adequate reviews and monitoring of compliance by management with the applicable laws and 
regulations governing the internal audit risk-based audit plan as required in compliance with 
section 165 of the MFMA. 

Management response 

Name: BG Oldman 

Position: Internal audit 
Date: 18/10/2011 
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A three year rolling plan was approved by the audit committee for the 2009/1 0 year and for 201 1 
The results were addressed and the 2010/1 1 plan was adjusted. The risks were reviewed by each 
department and regularly reported to Deputy Municipal Manager. Emphasis was directed to 
salaries, fixed assets existence and Debtors. 


Auditor’s conclusion 

Management response noted, however as per the requirement of the act, the internal audit unit 
should prepare risk based audit plan which should then be submitted to the audit committee for 
approval and implementation, as per the inspection of minutes of audit committee, there was no 
evidence that the internal audit submitted the audit plan for 2010/1 1 for approval. ’ 



3. EX.33 - Non-compliance with Supply Chain Management Regulations 
Audit finding 

In terms of the Municipal Finance Management Act, 2003 {Act No 56 of 2003), the following 
regulations were not adhered to: 


No [Reference 

Requirements for SCM policy 


1 

SCM reg 41(2) 

1 . A supply chain management policy must provide for an effective system of risk 
management for the identification, consideration and avoidance of potential risks in 
the supply chain management system. 

2. A Risk assessment of the SCM system was done and the processes include: - 

(a) the identification of risks on a case by case basis 

(b) the allocation of risks to the party best suited to manage such risk 

(c) acceptance of the cost of the risk where the cost of transferring the risk is 
greater than that of retaining it. 

(d) the management of risks in a pro-active manner and the provision of adequate 
cover for residual risks; 

(e) the assignment of relative risks to the contracting parties through clear and 
unambiguous contract documentation. 


■ 


=) lii) publish the entries in the register and the bid results on the website. 

-■ l 

1 

3' 

WIFMA sec 
I12(1)(c); SCM 
•eg 15 ( 

t 

f 

The SCM Policy stipulates the conditions for the procurement of goods by means of 
jetty cash, which includes conditions:- 

>) limiting the number of petty cash purchases or the maximum amounts per months 
or each manager 


4 


SCM Reg 38(1) 


[The SCM policy provides measures for the combating of abuse of supply chain 
management system, and enables the accounting officer:- 


c) to check the National Treasury's database prior to awarding any contract to 
ensure that no recommended bidder, or any of its directors, is listed as a person 
prohibited from doing business with the public sector. 


During the audit of Procurement & Contract Management, we have noted the following 
non - compliance with the Supply Chain Management Regulations and the Municipal Finance 
Management Act. 

• No Risk Assessment of the Supply Chain Management Policy was done. 

• Names of all bids entered in the register and results of bids that are not published on the 
municipality’s website. 






0* t f 


• The number of petty cash purchases or maximum amounts per month for each manaaer is 

not limited. a 

• The National Treasury's database is not consulted prior to awarding a contract to ensure 
supplier not prohibited from doing business with public sector. 


Internal control deficiency 

Financial and Performance management 

Inadequate reviews and monitoring by management for compliance with the Supply Chain 
Management Regulations. 

Recommendation 


Adequate reviews and monitoring should be performed by management for compliance with the 
Supply Chain Management Regulations. 

Management should address the following ensure that the regulations as per the SCM regulations 
are being adhered to. 

• Risk Assessment of the SCM Policy. 

• Names of all bids should be entered in register and results of bids published on municipality 

website. K 1 

• Limit number of petty cash purchases or maximum amounts per month for each manager 

• The National T reasury’s database should be consulted prior to awarding a contract to 
ensure supplier not prohibited from doing business with public sector 

Management response 

Management Agrees 
SCM reg 41(2) 

Policy will be addressed 


SCM reg 23 

I refer to the above audit query dated 22 October 2011 regarding non-compliance with the Supply 
Chain Management Regulations in respect of the names of bids entered in register and results of 
bids not published on municipality website. 

It is acknowledged that there have been challenges with the Councils Website and the loading of 
information thereon. The Council has recently changed Service Providers and it is expected that 
the services of the website will be improved to comply with the requirements of the MFMA This 
has already been affected in this financial year which is evident from the attached report which was 
downloaded from the Councils Website www.umlalazi.ora.za under ‘Procurement’ This clearlv 
shows the results of bids awarded. y 

In respect of the register of bids entered into, the Corporate Services Department has a Tender 
Register where all bids are recorded on the day that they are opened in public. Copies of this 
tender register will in future be scanned and downloaded onto the Councils website to comolv with 
the requirements of the MFMA. K y 

Adequate monitoring and reviews will be performed by management to ensure compliance with the 
Municipal Finance Management Act, 2003 (Act No 56 of 2003). 
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MFMA sec 112(1) (c) / SCM reg 15 
Reg 12(1) (a) reads as follows: 


Range of procurement processes 

2. (I) A supply chain management policy must, subject to regulation 

II (2). provide for the procurement of goods and services by way 
of- 

{•} petty cash purchases, up to a transaction value of R2 000 
CVAT included); 

The limit of the Petty Cash purchases currently is R1 000.00 per purchase. Currently there is no 
limit per Director / Manager and this issue will be forward to the Executive Committee to determine 
a monthly value per department 

SCM reg 15(b) 

A monthly expenditure report is prepared by the clerk responsible for the issue of Petty Cash and 
is signed by both the Manager: Expenditure and the Chief Financial Officer monthly. 

SCM reg 38(1) 

The National Treasury Web site will be checked prior to the awarding of tenders/services to be 
rendered. This action will be done by the SCM unit 


Name: Suzie van derWesthuizen 


Auditor’s conclusion 

Management response has been noted; however the material non-compliance with laws and 
regulations will be reported in the audit report as non-compliance with the SCM laws and 
regulations. 


Payable 


4. EX.40 - Non- compliance with Supply chain management regulations 
Audit finding 

Section 44 of the Supply Chain Management policy states that: 

The Accounting Officer must ensure that irrespective of the procurement process followed, no 
award may be given to a person - 

(a) Who is in the service of the state; or 

(b) If that person is not a natural person, of which any director, manager, principal shareholder 
or stakeholder is a person in the service of the state; or 

(c) A person who is an advisor or consultant contracted with the municipality or municipal 
entity. 


During the audit the following persons have been identified who are in service of the state and has 
businesses that have been transacting with the municipality resulting in the non-compliance with 
terms and conditions as required by section 44 of the Supply Chain Management policy. 



Entity No 

Entity Name 

Name 

ID NO 

Membership 

Type 

Department 

Rand Value c 
Payments 
made for 
2010/2011 
year 

“I 

if 

191 9/001 81 2/0( 

JUTA & COMPANY 
’ltd 

JOHN DAVID 

VOLMINK 

4909115136085 

Director 

Department of 
Basic 

Education 

456.0 

D 

1972/004241/06 

GOODERSON 

LEISURE 

CORPORATION 

NOMPUMELELO HAZEL 
RADEBE 

5707250750085 

Director 

National 
Department of 
Justice 

8.360.0C 


1983/090130/07 

ROYAL 

HOTEL 

SIMON VI WE 

HEBE 

7609175346080 

Director 

Eastern Cape: 
Local 

government 

1,120.00 


1998/034101/231 

PATWINZA 

HANDCRAFTS 

CC 

HLENGIWE VIKELIWE 
ZULU 

7605180354085 

Member 

Kwazulu Natal: 
Economic 

Affairs 

2,750.00 


1998/067032/23 

QINISEKA 

CONSTRUCTION 

NOMUSA 

NGUBANE 

8711180510087 

Member 

Kwazulu Natal: 
Health & 

Culture 

804,858.53 


?0 02/032 8 79/23 

rHEMBAUKAZULU i 
CONSTRUCTION f 
CC 

rANELE PRETTY-ROSE 
WPUNGOSE 

3407111053087 

Member 

National 

Department of 
3 ubJrc Works 

5,500.00 

2 

L 

F 

1003/048538/23 £ 

’HILIBANE h 

CONTRACTOR > 

JOKUTHANDWA 
JTOMBIKAYISE SANDRA E 
/IBAMBO 

1101281029089 1 

/lember 

C 

(wazulu Natal: 
Jealth & 

Culture 

14,700.00 


25 


2005/01 7868/2 

WALAWALA 

3 TRADING 
ENTERPRISE 

IGEVASIA THEMBISILE 
MZOBE 

7011090447087 

Member 

Kwazulu Natal: 
Education & 
Culture 

78,445.00 

2005/133573/2, 

THIYEKILE 

3 BUILDING 
CONSTRUCTIO 

XOLILE 

NCUBE 

8809200732085 

Member 

Kwazulu Natal: 
Education & 
Culture 


2005/145408/2; 

1 LANGALASEMBO 

SKILLS 

DEVELOPME 

NOMBUSO GLORIA 
MKHIZE 

7609300304087 

Member 

South African 
Police 

Service 


2006/159892/23 

SIBANI TRADING 
CC 

PROMISE STHEMBILE 
NDLANDLA 

8211210326083 

Member 

Kwazulu Natal: 
Health & 

Culture 

150,34146 

2007/155050/23 

MPHAZANYISWA 
TRADING CC 

NJABULO SIBUSISO 
MPAZAMISENI 

KHOZA 

7001195525085 

Member 

South African 
Police 

Service 

15,015.00 

2007/242383/23 

NOMADLINZA 

TRADING 

ENTERPRISE 

GOODNESS 

SAMUKELISIWE 

NGCOBO 

7309160480081 

Member 

Kwazulu Natal: 
Education & 

Culture 

5,600.00 

2008/003971/23 

AKMIWA 
CONSTRUCTION 
*ND PROJEC 

NESIE ZANELE 
MDLETSHE 

7007210489082 

Member 

Kwazulu Natal: 
Education & 

Culture 

19,000.00 

2008/077119/23! 

MWAWEZA AND 
SONS TRADING 

cc 

ZAMANTUNGWA 

SIBONGILE 

<HUMALO 

3406250761088 

Member 

<wazuiu Natal: 
Education & 

Culture 

5,000.00 

E 

2008/102971/23 C 
C 

3IZAMINA 

CONSTRUCTION f 
CC 

IUDIA NOZIPHO 

VlADONDO f 

5811150396087 

Member 

C 

Cwazulu Natal: 
health & 

Culture 

6,270.00 

E 

2008/122008/23 IS 

iSIDIBHA E 

flARKETING C 

30NGANI ISAAC 
)OSINI 1 

'007075629087 " 

u 

Member ^ 

C 

kwazulu Natal: 
■ducation & 

Culture 

5,250.00 

S 

2010/172688/23 C 
A 

INOTHA-SITHE £ 
CONSTRUCTION IS 
ND 

ilTHEMBISO ISRAEL 
IXUMALO 7 

102135430087 * 

Member ^ 

C 

wazulu Natal: 
ducation & 
ulture 

44,437.50 


1,758,140.51 


Internal control deficiency 

Financial and Performance management 

Inadequate oversight responsibility by management for the financial and performance reporting in 
compliance with section 44 of the supply chain management policy. 

Recommendation 

Adequate oversight responsibility should be performed by management regarding financial and 
performance reporting in compliance with section 44 of the supply chain management policy. 






It is recommended that all declaration forms wilh regards to disclosure requirements be updated 
with the requirements of the MSA to ensure that ail disclosures of instances where 
councillors/managements spouses, partners, business associates, close family 
member/government officials who stands to acquire any direct benefit from a contract concluded 
with the municipality are recorded. 

Instances identified above should be followed up for all trading done with the municipality. The 
declaration of interest forms should be updated to include details previously omitted by both 
employees and government officials. Management should ensure that ongoing monitoring and 
checks are in place to ensure that laws and regulations are being complied with. 

The expenditure incurred with officials of the state as per the above schedule are regarded as 
irregular expenditure in terms of Chapter 1 of the Municipal Finance Management Act, 2003 (Act 
No 56 of 2003) and should be disclosed in the financial statements and dealt with accordingly. 

Management response 

Management wish to point to the audit team that we not have access to the CIPRO check facilities 
and if a service provider does not declare the relevant information on the database form it is not 
possible to have known the link to any of the government departments. 

Name: Elna Geringer 

Position: Manager: Expenditure 

Date: 09/1 1/2011 


Auditor’s conclusion 

Management response has been noted; however this matter will be reported. 


5. EX.20 - Performance Management Framework 

Performance Management Framework 
Audit Finding 

Municipal System Act No. 32 of 2000 (MSA) Section 38 (a-c) states the following regarding the 
establishment of performance management system; 

Section 38, A municipality must- 

fa) establish a performance management system that is— 

(i) commensurate with its resources; 

(ii) best suited to its circumstances; and 

(iii) in line with the priorities, objectives, indicators and targets contained in its integrated 
development plan; 

(b) promote a culture of performance management among its political structures, 
political office bearers and councilors and in its administration; and 

(c) administer its affairs in an economical, effective, efficient and accountable 
manner. 

During the audit of Pre-determ ined objectives we have noted that the 'Performance Management 
Framework', the critical component Performance Management System was in draft format as at 
the 1 5 September 201 1 and only received on the 14 September 201 1 from the consultant who 
assisted the Municipality with the framework. 

We therefore conclude that the performance management framework was not adequately 
implemented and or reviewed/ approved during the year under review, resulting in a non 
compliance with section 38 of the MSA and regulations that govern predetermined objectives. 

Internal control deficiency 

Leadership 

Inadequate oversight responsibility exercised by leadership regarding financial, performance 
reporting, compliance and related internal controls for the design and implementation of the 
performance management framework. 


Financial and Performance Management 

Inadequate reviews and monitoring by management for the approval and implementation of the 
Performance management framework in accordance with section 25 of the MSA. 

Recommendation 

Leadership 

Adequate oversight responsibility should be exercised by leadership regarding financial, 
performance reporting, compliance and related internal controls for the design and implementation 
of the performance management framework. 

Financial and Performance Management 

Adequate reviews and monitoring by management for the approval and implementation of the 
Performance management framework in accordance with section 25 of the MSA. 



Management response 

The Performance Management Framework Policy was submitted in hard copy format for 
discussion on 15 March 2011 by the consultant. Due to the Local Government Municipal Elections 
the framework could not be approved within the 2010/2011 financial year and the Performance 
Framework Policy for both 2010/2011 and 201 1/2012 be approved through the Performance Audit 
Committee during the 2011/2012 financial year. 


Auditor’s conclusion 

Management comment has been noted; however this matter will be reported as non-compliance. 
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ANNEXURE B: OTHER IMPORTANT MATTERS 


6. EX.36 - Fraud prevention plan/ Policy 
Audit finding 

Section 62(1) (c) (i) of the MFMA states the following: 

“The accounting officer of a municipality is responsible for managing the financial administration of 
the municipality, and must for this purpose take all reasonable steps to ensure that the municipality 
has and maintains effective, efficient and transparent systems of financial, risk management and 
internal control.” 

During the audit we have noted that there is no approved fraud prevention plan or policy in place 
as management did not establish and implement the fraud prevention plan timely for council’s 
approval. 

Furthermore, this may have resulted in inadequate guidance regarding fraud prevention and could 
lead to fraudulent activities not detected. 


Internal control deficiency 

Leadership 

Inadequate establishment and communication of fraud policies and procedures by leadership to 
enable and support understanding for the execution of internal control objectives, processes and 
responsibilities to ensure that the risk of fraud is reduced to an acceptable level. 

Recommendation 

Leadership 

Leadership should adequately establish and communicate the fraud policies and procedures to 
enable and support understanding for the execution of internal control objectives, processes and 
responsibilities to ensure that the risk of fraud is reduced to an acceptable level. 

Those charged with governance and leadership must establish fraud policies and submit to the 
council for approval and communicate policies to all staff. 

Management response 

The policies were submitted to the auditors. 


Auditor’s conclusion 

The auditors received the following documents which were received 

• Fraud and corruption regulatory framework 

• Anti- fraud and corruption prevention strategy 

• Fraud corruption policy and procedures 

As per the extract of Exco Minutes 47/11/12 held on 22 July 201 1 , these documents were 
approved by the council on the 05 September 2011. We conclude that there was no approved 
policy during 2010/1 1 as it was only approved during 2011/12 financial year. This matter will be 
followed up in the 2011-12 year. 
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Non - compliance with Laws and Regulations 
7. EX. 7 - Audit Committee - MFMA 166(4) 


Audit finding 

Section 166(4) of Municipal Financial Management Act states the following: 

"Each municipality and each municipal entity must have an audit committee; an audit committee 
must meet as often as is required to perform its functions, but at least four times a year". 

During the audit we have noted that the Audit Committee only met twice during the 2010/201 1 
financial year resulting in the non-compliance with the provisions of section 166 (4) of MFMA. 


Internal control deficiency 

Governance 

Oversight responsibility is not undertaken by the audit committee through evaluating and 
monitoring responses to risks and providing oversight over the effectiveness of the internal control 
environment including financial and performance reporting and compliance with laws and 
regulation. 


Recommendation 

Management should ensure that the committee promotes accountability and service delivery for 
the evaluating and monitoring of response to risks to provide oversight over the effectiveness of 
the internal control environment including financial, performance reporting and compliance with 
laws and regulation. 

Management response 

Name: GBE Oldman 
Position: Internal Audit 
Date: 18/10/2011 

The audit committee met twice within the financial year and the Third time on 22 July 201 1 . It was 
difficult to arrange quarterly meetings to satisfy all the stakeholders and more particularly the 
influence of elections. Efforts will be made to ensure that 4 meetings at least are held in 2011/12 
The members of the committee comprise of CA (SA) and accounting trained personnel and they 
take task seriously. 7 

Auditor’s conclusion 

Management response has been noted and this matter will be followed up in the 2011-12 year. 
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8. EX.45 - Actual performance in the annual performance report 


Audit finding 

GRN. 796 of 24 August 2001, Regulation 13 states the following regarding Monitoring, 
measurement and review of performance. - 

(1) A municipality, must in consultation with the local community, develop and implement 
mechanisms, system and processes for the monitoring, measurement and review of performance 
in respect of the key performance indicators and performance targets by setting it. 

(2) the mechanisms, systems and processes for monitoring in terms of sub-regulation (1) must- (a) 
provide for reporting to the municipal council at least twice a year; 

(b) be designed in a manner that enables the municipality to detect early indications of under- 
performance; and 

(c) provide for corrective measurements where under-performance has been identified. 

During the performance of the audit on predetermined objectives we have noted that there were 
instances where the actual performance reported was not supported by adequate and reliable 
evidence. Furthermore, there are instances where we were not provided the relevant information to 
conclude on the validity accuracy and completeness of the actual performance in the performance 
information. 


Measurable 

AKinr>in.fo /Aj >{■ xii 

Performance 
Measure I 
Indicator (Unit 
Of Measure) 

JDP 20 10 '2011 

Annual Annual 

Target Achievement 

1 

Audit Findings and 1 

Imptemerataiicri of 
Organisational 
Performance 
Management 

System 

.Date or review 

31 -May-11 

05 -May-11 

During the performance of the 
audit we noted that this has not 
been done based on the audit 
evidence gained (refer to 
exception 13 in the second 
exception report). This should be 
corrected to state that this is in 
progress and a planned measure 
for improvement to be included 
together with the supporting 
documentation. 

Alignment of OPMS with 
Integrated Development 
Plan 

Date 

31 -May-11 

05-May- 1 1 

During the performance of the 
audit we noted that this has not 
been done based (refer to 
exception 13 in the second 
exception report) on the audit 
evidence gained. This should be 
corrected to state that this is in 
progress and a planned measure 
for improvement to be included. 
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Submission of Quarterly 
Performance 
Management reports to 
Council 

Number of 
reports 

4 

4 

Per discussion with the MM we 
noted that 4 quarterly reports 
have not been submitted to 
council. This should be corrected 
to state that this is in progress / 
state the amount of quarterly 
performance reports submitted ( 
and to provide us supporting 
documentation for this) and a 
planned measure for improvement 

Prepare and submit 
Annual Performance 
Report to Council for 
approval 

Da te of 
approval 

31-.!an-ll 

31 -Jan-Ill 

We noted that the annual 
performance report was only 
submitted to council for approval 
after year end. This should be 
adjusted to reflect this is in 
progress and a planned measure 
for improvement should also be 
included. 

Households with access 
to waste disposal 
services 

Number of 
Households 

6,216 

4 809 

Inspected supporting 
documentation to confirm 5436 
households had access to waste 
disposals. This is to be adjusted 
to reflect this. 

New houses oonsftnxfed 

Number of 
facilities 

145 

134 

No evidence provided to us to 
support this 

Jobs created through 

LED Programmes 

Number of jobs 

20 

28 

Inspected authorized supporting 
documentation to confirm 40 
therefore this needs to be 
adjusted to reflect 40. 

Jobs created through the 
municipal fty’s Capital 
Projects 

Member ©if jobs 

241 

223 

Per inspection of various 
supporting documentation we 
noted that the jobs created is 262, 
therefore the planned measure for 
improvements should not be 
included here. 

Capacity building 
initiatives 

Number of 
initiatives 

2 

6 

1. Computer skills development 
programme. 2. Franchise 
awareness. 3. Career exhibitions. 

4. Development of the taxi rank. 

This amounted to 4 initiatives and 
this should be adjusted to reflect 
this. 

Facilitate Management 
Meetings i 

L 

Number of 
meetings 

24 

16 

Per discussion with Neville 

Williams Corporate services and 
per inspection of the minutes we 
noted that there was 15 meetings 
that took place the 'achieved' 
must be corrected to reflect 15. 



Facilitate Ward 
Committee meetings 

Number of 
meetings 

104 

45 

Inspected the authorised schedule 
of 2010/2011 Ward committee 
meeting dates and noted that 
there were 72 ward committee 
meetings facilitated therefore this 
should be adjusted. 

Manage the SLA 
between District and 
uMlalazi in terms of the 
relevant Health 
Legislation 

Number of 
reports 

4 

4 

No supporting documentation 
provided to us for this 

Humanitarian Relief 
(Disaster) 

Number of 
programmes 

1 

1 

No supporting documentation 
provided to us for this 

Attend, liaise and report 
on Coastal Management 
Group 

Number of 
reports 

6 

6 

No supporting documentation 
provided to us for this 

Facilitate and manage 
HIV/AIDS Programmes 

Number of 

AIDS parcels 

20J3 

235 

Based on the HIV aids desk food 
parcels register we noted that a 
total of 313 food parcels have 
been included on this register and 
this should be adjusted to reflect 
this. 

Delivery of Burial 

Services to the 

Community 

Number of 
graves dug 

120 

14? 

Per inspection of the register of 
burials in 2010/201 1 there have 
been 157 burials. This should 
therefore be adjusted to reflect 
this. 

Establishment of Road 
Safety Projects 

Number of 
Projects 

20 

33 

Per inspection of the supporting 
documentation provided we noted 
that there are 20 projects that 
occurred. 

Ensure the marking of 
Municipal Roads 

Number of km 

60km 

28,334km 

Inspected the schedule of 
maintenance however this should 
be adjusted to 28kms (rounded 
up). Furthermore a planned 
measure for improvement should 
be inserted. 

Plan and prepare for 

Crime Consultative 
meetings 

Number of 
meetings 

12 

23 

Based on the audit evidence we 
noted that that there were 21 
meeting therefore this needed to 
be adjusted 

Improve the functioning 
of the Customer 
Complaints Call 

Centre and Disaster 
Management Centre 

L 

Number of 
reports 

4 

6 

1 . 

Based on inspection of the 
supporting documentation this is 
done on a quarterly basis and 
therefore this should be adjusted 
to 4. 
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Improve debtor 
collection per target 

% improvement 

5% 

88 31% 

Per discussion with Buks Kosta 
(Deputy CFO) we noted that this 
is to be updated to compare to 
prior year giving a debtor 
collection per target of the most 
conservative target. This should 
be corrected to 8.31 % based on 
the audit evidence qained. 

Compile Financial 

Statements that comply 
with applicable 
legislation (GRAP) 

Date of 
completion 

31 -Aug-10 

20-Aug-1 0 

We noted that the letter dated for 
the submission of documents was 
25 August 2010 and not 20 

August 2010. This should be 
corrected to reflect this. 

Prepare time schedules 

of Key Deadlines for 
2010/11 FY 

Date tabled 

31 -Aug-10 

1” 02-Aug-1Q 

This has only been done on the 

03 August 2010 therefore 
achieved' should be corrected to 
reflect this. 

Amount itrsvsioed/foil’lefl to 
Ofstomeirs 

R waiwe of 
irrwoioes raised 

74.940,750 

7&5BM03 

Per inspection of the AFS we 
noted that the actual should be 

R85 564 109 and the budget 
should be R86 210 390. 

Furthermore a planned measure 
for improvement should be 
included here. 


Note: Where the recommendations above have stated that planned measures to improve should 
be documented, supporting documentations should also be provided to us for audit purposes. 

The information being reported in the annual performance report not being valid, accurate and 
complete resulting in the non compliance with laws and regulations. 


Internal control deficiency 

Financial and Performance Management 

Inadequate preparation performed by management for regular, accurate and complete 
performance reports that are supported and evidenced by reliable information for pre-determined 
objectives. 

Recommendation 

Adequate preparation should be performed by management for regular, accurate and complete 
performance reports that are supported and evidenced by reliable information for pre-determined 
objectives. 

1. Management to correct instances to ensure that the reported performance agrees to the 
supporting documentation (audit evidence gained). 

2. Management to provide us with the required information in order to audit the reported 
performance where no supporting documentations have been provided. 
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Management response 

This matter will be corrected and submitted to the auditors. 


Auditor’s conclusion 

This matter will be reported if the performance report not corrected. 



Payable 


9. EX.11 - Accounts Payable - Cut off issue 
Audit finding 

In terms of section 65 of the MFMA. 


(1) The accounting officer of a municipality is responsible for the management of the expenditure of 
the municipality. 

(2) The accounting officer must for the purpose of subsection (1) take all reasonable steps to 
ensure — 

(c) that the municipality has and maintains a system of internal control in respect of creditors and 
payments; 

During the audit of trade payables it has been noted that the following creditors invoices was 
recorded in the incorrect financial year (cut-off) resulting in unrecorded liabilities resulting in the 
misstatement of the creditors balances at year end. 


Ref 

Suppliers 

Amount 

E261 04 /INV 26104 

TMT Services and Supplies (Pty) Ltd 

186,786.15 


Internal control deficiency 

Financial and Performance management 

Inadequate controls implemented by management over the monthly processing and reconciling of 
transactions in respect of account payables to ensure that the payables are accurately and 
completely recorded in the financial statements. 

Recommendation 

Adequate controls should be implemented by management over the monthly processing and 
reconciling of transactions in respect of accounts payables to ensure that the payables are 
accurately and completely recorded in the financial statements. 

Management response 

Management Disagrees 

E26104 TMT inv 2998 in the amount of R1 86786 for month of June 2011 was received on 
26/07/201 1 . This invoice had to be paid from the 201 1/12 financial year’s budget as creditors were 
already finalized to enable the completion of the financial statements 


Name: Elna Geringer 
Position: Manager Expenditure 
Date: 17/10/2011 


Auditor’s conclusion 

Management’s response is not accepted for 261 04 TMT inv 2998 for the amount of R1 86 786 for 
month of June 201 1 as this is a clear understatement of creditors at year end. 




Predetermined objectives 


10. EX.24 - Difference in Annual Performance Report, I DP and Service delivery 
implementation plan (SDBIP) 


Audit Finding 

According to section 46 of Municipal Systems Act No. 32 of 2000, a mun icipality must prepare for 
each financial year a performance report reflecting: 

a) The performance of the municipality and of each external service provider during that financial 
year; 

b) A comparison of the performances referred to in paragraph (a) with targets set for and 
performances in the previous financial year, 

Regulation 7 also states the following - 

Nature of performance management system (2) in developing its performance management 
system, a municipality must ensure that the system- 

td) clarifies the process of implementing the system within the framework of the integrated 
development planning process; 

(g) provides for the procedure by which the system is linked to the municipality's integrated 
development planning process. 

During the audit of predetermined objectives, we have identified that the key performance 
indicators and performance targets as per Integrated Development Plan (IDP) are not in alignment 
with the performance indicators and performance targets as reported on in the annual performance 
report. 

Furthermore, we have also noted that the key performance indicators and performance targets as 
per the performance report are not in alignment with the SMART principle as they are not Specific, 
Measurable, Achievable, Realistic and Tangible or Time-based. 

There is inadequate alignment between the predetermined objectives as per the IDP and the 
objectives that the entity has reported on resulting in inadequate alignment between the IDP and 
the SDBIP. 

The differences identified has resulted in the non compliance with the laws and regulations that 
govern performance information namely the MSA and regulations. 

Internal control deficiency 

Financial and Performance Management 

Inadequate reviews and monitoring has been performed by management for the alignment of the 
IDP and SDBIP in accordance with section 46 of the MSA and regulation 7 (2) (d) and (g). 


Recommendation 



Management should perform adequate reviews and monitoring of the pre-determ ined objectives so 
that the performance results stated in the I DP should be reported on in the annual performance 
report, to ensure compliance with section 46(b) of the Municipal Systems Act. 

Management must set key performance indicators and performance targets that are specific 
measurable, achievable, realistic and tangible/time-based. 


Management response 


In December 2009, KZN CoGTA released a format to be used in the compilation of the OPMS 
Scorecard. The Scorecard is in direct alignment with the departmental regulated format and thus 
set out as SMART. 


The Performance Management Framework Plan sets out the process of performance management 
within the organization. These processes are included in the Draft Annual Performance Report as 
an executive summary. A full process stipulation will be added to the Final Annual Performance 
Report upon the recommendation of the Auditor General. 


Examples are to be given of non-alignment to specifically address the finding, though a workshop 
will be held with the consultant and all applicable persons during the 2011/2012 financial year to 
review all performance related documentation to ensure full alignment. 

Name: THEMBINKOSI SIMON MASHABANE 

Position: ACTING MUNICIPAL MANAGER 

Date: 03 November 2011 


Auditor’s conclusion 

Management’s comments noted, however this matter will be reported and followed up in the 
201 1/2012 year. Numerous inconsistencies were noted in the comparison of these documents and 
including this in the report would be impracticable. Management should feel free to consult the 
auditors and discuss the inconsistencies identified. The internal audit unit must perform audit on 
the annual performance report by comparing these documents to ensure that the differences are 
identified timely and resolved. 





11. EX.26 - Inadequate comparison of prior year performance 


Audit Finding 

Section 46 of Municipal Systems Act states that a municipality must prepare for each financial year 
a performance report reflecting: 

a) The performance of the municipality and of each external service provider during that financial 
year; 

b) A comparison of the performances referred to in paragraph (a) with targets set for and 
performances in the previous financial year. 

During the audit of predetermined objectives, we have identified that the annual performance 
report do not have all the performance results for the previous year {i.e. 2009/2010 baseline) for 
the comparison between prior year and current year performance which has resulted in a non 
compliance of section 46 of the MSA. 


Internal control deficiency 

Financial and Performance Management 

Inadequate reviews and monitoring has been performed by management in accordance with 
section 46 of the MSA to enable the performance results for the prior year based on the pre- 
determined objectives to be reported on in the annual performance report as required by section 
46{b) of the Municipal Systems Act. 


Recommendation 

Management should perform adequate reviews and monitoring to enable the performance results 
for the prior year based on the pre-determ ined objectives to be reported on in the annual 
performance report as required by section 46(b) of the Municipal Systems Act. 


Management response 

At the time of the approval of the OPMS Scorecard for 2010/2011, the organization was in the 
process of conducting a backlog study to determine baselines and performance in previous years. 
This finding is to be specifically addressed during the review of the 2011/2012 OPMS Scorecard. 

Name: THEMBINKOSI SIMON MASHABANE 

Position: ACTING MUNICIPAL MANAGER 

Date: 03 November 201 1 


Auditor’s conclusion 

This matter will be reported and followed up in the 201 1/2012 year. 


40 



12. Financial Impact 
Audit Finding 

Regulation 6 of the GRN.796 of 24 August 2001: Local Government: Municipal Planning and 
Performance Management Regulations, 2001, states that a municipality's Integrated Development 


(a) must inform the municipality's annual budget that must be based on the development priorities 
and objectives and the performance targets set by the municipality. 

(b) be used to prepare action plans for the implementation of strategies identified by the 
municipality. 

During the audit of predetermined objectives we have noted that the annual budget Service 
Delivery and Budget Implementation Plan (SDBIP) are not informed by the development priorities 
and objectives by the performance targets as set out by the municipality in the [DP. 

Furthermore, the financial impact of those measures that have been achieved as per the 
performance report has not been stated in the annual performance report thus resulting in non 
compliance with the laws and regulations in accordance with regulation 6 of the GRN.796 of 24 
August 2001: Local Government: Municipal Planning and Performance Management Regulations 


Internal control deficiency 

Financial and Performance Management 

Inadequate reviews and monitoring performed by management for the reporting of pre-determined 
objectives resulting in non compliance with the laws and regulations in accordance with regulation 
6 of the GRN.796 of 24 August 2001: Local Government: Municipal Planning and Performance 
Management Regulations, 2001. 


Recommendation 

Adequate reviews and monitoring should be performed by management for the reporting of pre- 
determined objectives in accordance with regulations 6 of the GRN.796 of 24 August 2001: Local 
Government: Municipal Planning and Performance Management Regulations, 2001. 


Management response 

No management response obtained 


Auditor’s conclusion 


This will be carried forward to the management letter for further consideration in the auditor’s 
report. 



13. EX.28 - No measures to improve performance 


Audit Finding 

Section 46 (1) (c) of the Municipal Systems Act, No.32 of 2000, states a municipality must prepare 
for each financial year a performance report reflecting "measures taken to improve performance" 

Furthermore section 41 (d) and 42 of the same Act states that: 

A municipality must in terms of its performance management system and in accordance with any 
regulations and guidelines which may be prescribed - 

(d) Take steps to improve performance with regard to those development priorities and objectives 
where performance targets are not met. 

(2) The system applied by the municipality must be devised in such a way that it may serve as an 
early warning indicator of under-performance. 

During the audit of predetermined objectives the following was noted: 

> There were instances where planned measures for improvement are documented in the 
annual performance report (see table A). 

> There were instances where measures taken to improve were not adequate / vague (see 
table 

B). 

• Also there is no first, second and third quarterly report therefore there is no tracking toll 
indicating how far to the target is the municipality. 

Based on the above we have identified that there are no processes that assist in early detection of 
under-performance. 

The performance report reveals a general under-performance of the performance measures and 
the municipality has no mechanism in place to improve performance or detect under-performance 
throughout the year resulting in a non compliance with the laws and regulations that govern 
performance information namely the MSA section 46. 


Table A - Instances where the Annual performance report does not reflect measures taken to improve 
performance. 


Predetermined objectives 

Performance measure/indicator 

Target 

Actual 

performance 

achieved 

Women employed by the municipality 

Number of women 

134 

114 

Jobs created through the municipality’s Capital 
Projects 

Number of jobs 

241 

223 

Outstanding service debtors to revenue 

Outstanding service debtors / revenue 
actually received for services 

-0.32 

-0.33 

Total revenue received from grants and 
subsidies 

R value 

64255738 

57515861 

Debt service payments 

Percentage of total debts 

80% 

38.31% 


Table B- Instances where measures taken to improve performance are not supported by adequate and reliable 
corroborating evidence. 
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Internal control deficiency 
Financial and Performance Management 


Inadequate reviews and monitoring by management with the applicable laws and regulations as reauired bv 
section 46 of the Municipal Systems Act. H ’ 


Recommendation 

Adequate reviews and monitoring should be performed by management with the applicable laws and 
regulations as required by section 46 of the Municipal Systems Act. 

Management should implement planned measures of improvement in accordance with 

those reflected in the annual performance report in order to comply with section 46 (1) (c) of the Municipal 

Systems Act. The quarterly reports of performance, management should track how far the municipality is from 

the target by including a column of what was achieved in the prior quarters to allow for an early detection of 

under-performance. 


Management response 

All relevant indicators not achieved are to be reviewed by the applicable user department and be 
provided with adequate and tangible measures for improvement in the 2011/2012 financial year 
The updated measures for improvement, as noted in the finding above, will be addressed and 
submitted to the Auditor General in an amended Draft Annual Performance Report. 

Name: THEMBINKOSI SIMON MASHABANE 

Position: ACTING MUNICIPAL MANAGER 

Date: 03 November 201 1 

Auditor’s conclusion 

Management response has been noted; however this matter will be followed up in the 2011-12 
year. 





THE INFORMATION SYSTEMS AUDIT OF THE GENERAL CONTROLS AT THE UMLALAZI 
LOCAL MUNICIPALITY 


SECURITY MANAGEMENT 

Security management ensures that security controls are implemented to prevent unauthorised 
access to the network and information systems that generate the information used to DreDare thp 
financial statements. 

IT management had designed security management controls, which had been documented and 
approved, but the controls were not adequate as they did not fully address/mitigate key risks such 
as the following: 


14. INFORMATION TECHNOLOGY POLICY NOT UPDATED 


Audit finding 


Although the Municipality had information technology (IT) policy document that was approved on 
06 May 2009, it was never been updated to reflect the current IT environment. Furthermore, the 
information technology (IT) policy was incomplete as it did not include the following stipulations: 

• Responsibility for IT security (both operating system level and application system level security) 

• Actions to be taken due to a security incident 

• What security policies are relevant to what users 

• Ownership of information and classification of information (specifying that data belongs to the 
auditee and should not be altered or disclosed without specific authorisation) 

• Physical security over IT resources (computer room, security over general office areas, 
protection of portable computer equipment, etc.) 

• Protection of information 

Without updated security policy, it is unlikely that the actions carried out by staff would support the 
municipality’s security objectives and this could result in confidentiality, integrity and/or availability 
problems. 3 


Internal control deficiency 

Leadership - lack of IT governance control framework to ensure that the IT policy is updated and 
reflect the current IT environment 

Recommendation 


Management should update or revise the security policy to reflect the current status of the IT 
environment, as well as the relevant controls necessary to protect the resources. The above listed 
stipulations should also be included in the IT policy. 
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Management response 


Agreed with the finding 

This refers to the policy mentioned in par 1.1 and the same action will be taken 

Responsible official: E P Geringer 
Position: Manager: Expenditure 

Action date: End of November 201 1 after the annual User Group 
Auditor’s conclusion 


Management comments are noted; however, an assessment of the corrective actions agreed upon 
by management will be performed after three months or as per due date. 
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15. LACK OF INFORMATION SECURITY OFFICER 


Audit finding 


The responsibilities for information security are not delegated to an information security officer. 
Information security officer roles and responsibilities that are not delegated to a specific individual 
could result in the lack of coordination, management oversight and direction for both physical and 
logical aspects of security, including information security. 


Internal control deficiency 


Leadership -lack of IT governance control framework to ensure that the responsibilities of the 
information security officer are delegated to the security officer. 


Recommendation 


Management should ensure that the IT security policy is reviewed and approved. The IT security 
policy must also state the responsibility for IT security officer for (both operating system level and 
application system level security) 


Management response 


Currently there is no availability for this on the council’s organogram and this function is taken care 
of by Manager: Expenditure and/or the Account: Expenditure 

Responsible official: E P Geringer 
Position: Manager Expenditure 
Action date: 2011/12 


Auditor’s conclusion 


Management comments are noted; however, an assessment of the corrective actions agreed upon 
by management will be performed after three months or as per due date. 
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USER ACCESS CONTROL 

User access control is the systematic process of managing the access of users to an application. 
The process includes the creation, review, disabling and removal of user accounts. 

IT management had not formally designed user access controls (policies, procedures, guidelines) 
to mitigate the risk of unauthorised access to the network and information systems. As a result the 
following key risks were not addressed: 


16. LACK OF USER ACCOUNT MANAGEMENT PROCEDURES (OPERATING SYSTEM 
ABAKUS, AND CORVU AND VIP APPLICATIONS) 


Audit finding 


User account management (UAM) procedures had not been developed to define the internal 
controls that should be followed when a user account is created, access rights are allocated or 
modified or user accounts and related access rights are no longer required. UAM procedures were 
also not in place to ensure that user accounts with powerful access rights would be monitored. 

Furthermore there was no evidence that the following control activities were being performed: 

• Review of logon violations to detect unauthorised attempts to access the system 

• Review of administrators’ activities on the financial applications by an independent person to 
detect misuse of powerful rights 

• Review of users’ access rights on financial application to ensure that they remained relevant 
to their job responsibilities 

• Documented and approved requests required for the creation of new accounts 

Poor management of user accounts exposes information to inappropriate disclosure and might 
compromise the segregation of duties, which could lead to unauthorised transactions being 
processed and approved. 


Internal control deficiency 


Leadership - inadequate implementation of policies and procedures due to management oversight. 


Recommendation 


Management should develop and implement UAM procedures, which should include a description 
of the following processes, as a minimum: K 

• Setting up of new users (authorisation) 

• Access termination and changing of user profiles 

• Steps to be taken to identify inactive accounts 

• Periodic checks to ensure that employees’ current levels of system access are 
commensurate with their job responsibilities 

• Periodic reviews of unauthorised access to both operating and application systems 

Furthermore, adherence to the procedures should be monitored regularly. 
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Management response 


The ABAKUS system has a “Log In" file which records the movement of every user. Each and 
every single module visited will be recorded as well as the activities done. Due to the size of this 
file / print out, no hard copies are made. The Manager: Expenditure copies this file every Friday to 
the Server and on a quarterly basis, when the ABAKUS consultant visits site, it gets checked and 
then cleaned 

The required register will be implemented which will reveal the information in respect of new users 
created 

Responsible official: E P Geringer/ M Kettle 
Position: Manager: Expenditure 
Action date: 2011/12 


Auditor’s conclusion 


Management comments are noted; however, an assessment of the corrective actions agreed upon 
by management will be performed after three months or as per due date. 
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PROGRAM CHANGE MANAGEMENT 

Program change management controls ensure that any proposed changes to an existing 
information systems environment would be coordinated, scheduled, authorised and tested to 
prevent unnecessary disruptions, erroneous changes and unauthorised and inappropriate access 
to programs. 

IT management had not formally designed change management controls (policies, procedures, 
guidelines) to mitigate the risk of unauthorised access to the network and information systems As 
a result, the following key risks were not addressed: 


17. LACK OF CHANGE CONTROL PROCEDURES 


Audit finding 

A formal change management process covering the initiation, evaluation, approval, testing and 
acceptance of changes by the user community had not been established. Furthermore, the patch 
management procedure requiring patches to be tested before being deployed in the environment 
was not in place. As a result, Microsoft patches were deployed without having been tested. 

Even though applications are owned by the vendors, the municipality has a responsibility to 
maintain the integrity of its information, which includes the authority to decide which changes 
should be made to the application. Changes considered necessary by the vendors might not be 
required by the municipality and might even corrupt information if they are not tested and submitted 
to the user community for acceptance before implementation. 

Patches do not always work as intended. If they are not suitable for the environment they might 
create more problems instead of solving problems. 


Internal control deficiency 


Leadership - lack of IT governance control framework to ensure that the change management 
procedures is documented and approved by management. 


Recommendation 


Management is encouraged to develop, approve and implement change management process to 
ensure satisfactory control over the IT changes. The documentation of the process should address 
the following: 

• Authorisation and approval of requests for changes 

• Emergency change procedures 

• Procedures for the restriction of access to the production environment 

• Testing procedures to ensure that changes were made as documented and that user 
satisfaction has been obtained in respect of the proposed system changes 

• Hardware changes 
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Management response 


ABAKUS system as far as new release or changes concerns had been discussed in par 4.2 
In terms of Microsoft patches it must be noted that no user has the control over it. Microsoft will 
update computers linked to the internet automatically when ever updates are available 
No infrastructure exists to run dual systems at this municipality. This means that a complete 
system must be installed which is linked to the internet where the relevant patches will be 
downloaded. Once this has been done, each user’s computer must then by updated with the 
relevant patches 

Responsible official: E P Geringer/ M Kettle 
Position: Manager: Expenditure 
Action date: 2011/12 

Auditor’s conclusion 


Management comments are noted; however, an assessment of the corrective actions agreed upon 
by management will be performed after three months or as per due date. 



18 . VENDORS’ ACCESS TO APPLICATIONS NOT MONITORED 


Audit finding 


The consultants supporting the ABAKUS and VIP applications had full access to all the functions 
No evidence was, however, available to confirm that their activities were being monitored. 

If the access of vendors is not monitored, the confidentiality of the municipal information might be 
compromised. 


Internal control deficiency 


Leadership - inadequate implementation of policies and procedures due to management oversight 


Recommendation 


Management should, from time to time, draw reports on the activities performed with the vendors' 
accounts to determine whether the functions they have accessed were relevant to the purpose of 
the access. 


Management response 


The municipality has a SLA with Messrs Fujitsu in respect of the ABAKUS / CORVU systems. The 
SLA makes provision for visits of 4 days per quarter. A list of needs/problems is forwarded to the 
Manager: Expenditure before the relevant site visit. At the end of the visit the consultant completes 
a service voucher and the list of requirements with notes/comments is attached 
Program updates are normally released on a yearly or half year period. Before updates are 
installed a full system backup is made which is kept off site for a period of 3 months. Updates are 
loaded in ABAKUS TEST first to ensure that all activities are working before it gets transferred to 
the live program. The consultant discusses the release notes with the relevant staff member and 
assists if any queries are raised 

Messrs VIP Payroll Systems has a SLA and work on an Ad-hoc basis. The consultant will be called 
to site for a specific need or problem which will then be taken care of at the time of visit 
Program updates are notified via E Mail and will be down loaded from the VIP Internet Site Before 
updates are installed a full system backup is made. 

A register will be implemented revealing all future updates/program changes 

Responsible official: E P Geringer/ M Kettle 
Position: Manager: Expenditure 
Action date: 2011/12 

Auditor’s conclusion 


Management comments are noted; however, an assessment of the corrective actions agreed upon 
by management will be performed after three months or as per due date. 



0 * 1 ? 


FACILITIES AND ENVIRONMENTAL CONTROL 

Restrictions controlling physical access to sensitive areas and facilities safeguard information 
systems to ensure the security, integrity, condition, performance and accessibility of the systems 
and the system information. Environmental controls are implemented to protect information 
systems assets against environmental hazards posed by temperature fluctuations, water leakages, 
etc., to ensure the integrity, performance and accessibility of systems and information. 

IT management had not formally designed facilities and environmental controls (policies, 
procedures, guidelines) to mitigate the risk of unauthorised access to the network and information 
systems. As a result the following key risks were not addressed: 


19. INADEQUATE PHYSICAL ACCESS AND ENVIRONMENTAL CONTROLS IN THE SERVER 
ROOM 


Audit finding 

The servers were in the financial officer’s office to which physical access was not limited to 
personnel whose duties required them to access the server room and the server room door was 
left opened on the day of the audit. Furthermore there was no evidence that controls had been 
established to address the following: 

• Signage prohibiting eating, drinking and smoking in the server room. 

• Installation of water and smoke detectors 

• Register of visits to the server room 

• Protection of the server room from the fire hazards - flammable materials such as boxes, files 
and other flammable supplies were stored in the server room. 

• The computer cables were not neatly arranged but were lying in a disorderly and entangled 
fashion on the floor. 

• No maintenance schedule for air conditioners. 

If servers are not adequately protected from access violations and environmental hazards, the 
information on them might be exposed to unauthorised access or damage caused by water or fire 
which might compromise the integrity of information, or lead to a loss of data. 


Internal control deficiency 


Leadership -development of suitable server room inhibited by budget constraints. 


Recommendation 


Management should consider creating a separate server room. It should be properly designed to 
protect the servers from flooding and fire. Furthermore, the air conditioners should regularly be 
serviced and signs should be put up to prohibit eating and smoking in the server room. 


Management response 

• Food and liquids are prohibited from all work stations including the server room 

• Installation of smoke / water detectors will be investigated 


52 


• A register is not practical. The staff visiting the server room is authorized to do so due to the 
fact that the line printer, which is linked to the network, is installed in the server room. This 
printer is linked to the ABAKUS system and is needed to cater for the huge volume of print 
work when creditors run as well as month end print outs are made 

• The files stores in the server room are for completed grants which had not been audited by the 
National Treasury auditors. This action is done due to a lack of storage space in the office of 
the Manager: Expenditure 

• These are not computer cables but the cables for the CCTV's. The Finance Department 
currently has 16 cameras and once again space is a problem. The cables are behind the two 
cabinets and is no danger to anyone 

• The maintenance of the municipal air conditioners are the function of the Engineers 
Department and is done on a annual basis 


Responsible official: E P Geringer/ M Kettle 
Position: Manager: Expenditure 
Action date: 2011/12 


Auditor’s conclusion 


Management comments are noted; however, an assessment of the corrective actions agreed upon 
by management will be performed after three months or as per due date. 



INFORMATION TECHNOLOGY SERVICE CONTINUITY 

IT service continuity is the prooess of managing the availability of hardware, system software, 
application software and data to enable an organisation to recover/re-establish information 
systems services in the event of a disaster. The process includes IT continuity planning, disaster 
recovery plans and backups. 

IT management had not formally designed IT service continuity controls (policies, procedures, 
guidelines) to mitigate the risk of unauthorised access to the network and information systems As 
a result, the following risks were not addressed: 


20. DISASTER RECOVERY PLAN NOT DEVELOPED 


Audit finding 


Evidence that a disaster recovery plan (DRP) and a business continuity plan (BCP) had been 
developed to ensure that municipal operations could be resumed after a disaster, could not be 
provided. 

The municipality might consequently not be able to resume business operations in the event of a 
disaster/interruption. 


Internal control deficiency 


Leadership - inadequate policies and procedures implementation due to a lack of IT governance 
control framework to ensure that the DRP document is developed and approved by management. 


Recommendation 


As part of the overall risk assessment the risks caused by natural disasters should be identified 
and the plans put in place to protect the resources and to minimise disruption to service delivery. 

As a minimum, the plan should address the following: 

• A resumption strategy 

• Names, roles and contact details of team members to implement the strategy 

Emergency drills should be undertaken to familiarise team members with their responsibilities and 
to ensure that each member clearly understands how to execute his/her role effectively. Copies of 
the plans should be kept off site to protect them from destruction in a disaster. 



Management response 


A full Disaster Recovery system had been implemented offsite. This will enable the municipality to 
carry on with limited activities until such time as the full system had been restored. Currently print 
servers are being installed on all cahier points which will enable the collection of cash to carrv on 
interrupted 1 


Responsible official: E P Geringer/ M Kettle 
Position: Manager: Expenditure 
Action date: 2011/12 


Auditor’s conclusion 


Management comments are noted; however, an assessment of the corrective actions agreed upon 
by management will be performed after three months or as per due date. 



21. BACKUP PROCEDURES NOT DEVELOPED 


Audit finding 


The municipality had not formalised the backup procedure by designing a backup strategy that 
included the following: 


• Identification of data to be backed up 

• Scheduling of backups 

• Off-site storage arrangements for backups 

• Testing of backups for restoration 

• Verification of backups to ensure successful completion thereof. 

Furthermore, the backup’s tapes were taken home by the Accountant expenditure and the system 
administrators. 

In the absence of the person to whom the responsibility for making backups has been assigned, 
the informal process might not be known to the person to whom the responsible has temporarily 
been assigned, which could result in a loss of data due to incomplete backups, if all backups are 
kept on site information might not be available to continue with the operations after a disaster. 
Tapes that are not tested for restorability might not be restorabie when the information is required. 


Internal control deficiency 

Leadership -lack of IT governance control framework to ensure that the backup strategy is 
developed and approved by management 


Recommendation 


Management should document a backup strategy that addresses the above-mentioned control 
elements. 


Management response 


ABAKUS 

The following backups are done and is recorded in a register 
Weekly - Every Friday the following backups are done: 

• Full System via the SH month procedure 

• Full System via the ABAKUS backup module 

• Full system copied to the ABAKUS TEST on the server 

• Log Files are backed up to the server with the relevant Friday date attached to the file 

• Full System backup of CORVU while the AFS are being compiled 

• Full backup of ABAKUS data to external hard drive, which is then restored to a Note book for 
safe keeping 

• All backup tapes are removed from site for safe keeping 

• The main ABAKUS system runs a full backup to the Disaster Recovery system every night 



VIP Payroll system 

• As soon as the new month’s work commenced, a full system backup is done form the server 
to the computer of the Manager: Expenditure. The same backup is repeated on the external 
hard drive. On a daily basis the data is restored on an offsite computer 

The Payroll staff make a full system backup via the VIP program to external hard drives as 
soon as the salaries had been loaded to the bank 

• A “copy system” back up is also done at the same time. This action allows the Payroll staff to 

view previous month’s salary activities if needed. Both the mentioned backups are for Davroll 
and HR modules y 

• The Excel files are back up on a weekly basis - mainly on a Friday - and both payroll 

computers are updated regularly, thus meaning that both staff members have the same data 
at all times 

• Both staff members remove the external hard drives off site on a daily basis 

• Restoring activities for ABAKUS is not normal procedure but if needed, a consultant will be 
available to restore to the TEST 

• ABAKUS first. The VIP Payroll System had been restored successfully before but is also not 
normal action 

Responsible official: E P Geringer/ M Kettle 
Position: Manager: Expenditure 
Action date: 2011/12 


Auditor’s conclusion 


Management comments are noted; however, an assessment of the corrective actions agreed upon 
by management will be performed after three months or as per due date. 
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INFORMATION TECHNOLOGY GOVERNANCE 


IT governance is the responsibility of executive management. It is an integral part of organisational 
governance and consists of the leadership, organisational structures and processes that ensure 
that the organisation’s IT resources would sustain its strategies and objectives. IT governance 
allows the organisation to manage IT risks and derive value from IT investments, and supports the 
achievement of business objectives that are dependent on IT systems. 

IT management had not formally designed IT governance controls {policies, procedures, 
guidelines) to mitigate the risk of unauthorised access to the network and information systems. As 
a result, the following key risks were not addressed: 


22. LACK OF INFORMATION TECHNOLOGY RISK MANAGEMENT FRAMEWORK 


Audit finding 


The risk management policy presented for audit purposes did not include the IT risk environment, 
therefore the municipality did have information technology (IT) risk management framework 

If IT risks are managed without a guideline that has been approved by council, the critical 
municipal processes required to maintain service delivery might not be taken into account in the 
prioritisation of the resources required to manage the IT risks. 


Internal control deficiency 


Leadership - inadequate policies and procedures implementation due to a lack of IT governance 
control framework to establish IT risks assessment/control for the municipality. 


Recommendation 


Management should review and approve the risk management framework to include the IT risk 
environment and also to provide guidance on the evaluation and management of IT risks in the 
context of the risk approach of the municipality as a whole. 


Management response 


Agreed with the finding 

Risk Management Framework Policy 

Policy will be re visited and updated to include IT Risk Environment. Please indicate the 
“environment” area in mind 

Responsible official: E P Geringer 
Position: Manager Expenditure 

Action date: End of November 201 1 after the annual User Group 
Auditor’s conclusion 

Management comments are noted; however, an assessment of the corrective actions agreed upon 
by management will be performed after three months or as per due date. 



23. LACK OF SERVICE LEVEL AGREEMENT 


Audit finding 

During the audit it was noted that no evidence that service level agreements (SLA) had been 
established between the municipality and the Fujitsu Company, for software support and the 
upgrading of the CORVU systems. In addition, an SLA with SoftlineVIP Company, it was last 
approved on 30 December 1999 and did not indicate the renewal date. Furthermore Service level 
agreement (SLA) with Fujitsu Company for software support and the upgrading of the ABAKUS 
systems was incomplete as it did not include the following stipulations: 

• Definition of the service. 

• Cost of the service 

• Quantifiable minimum level of service. 

• Availability, reliability and capacity for growth 

• Security requirements 

• Content and frequency of performance reporting and payment for services 

The lack of an SLA could result in the municipality receiving unacceptable services that do not 
justify the costs incurred. Also, the municipality would not have any legal recourse in cases where 
the required service levels had not been met. 


Internal control deficiency 


Leadership - inadequate policies and procedures implementation due to a lack of documented the 
SL A between the Municipality and service provides (consultants) by management. 


Recommendation 


Management should ensure that the SLAs between the municipality and the consultants indicated 
above are documented and approved by both parties to ensure proper service delivery and 
accountability. The SLAs should also include the stipulations listed above. 


Management response 


This matter had not been discussed at the time of the auditor’s visit. The SLA for Messrs Fujitsu is 
signed on 02/06/201 1 for the 201 1/2012 financial year and is on file. The CORVU application is a 
sub system of ABAKUS and is covered under the same SLA 

The SLA for Messrs VIP had been signed on 30/12/1999 and is still active 


Responsible official: E P Geringer 
Position: Manager: Expenditure 
Action date: 2011/12 


Auditor’s conclusion 

Management comments are noted; however, an assessment of the corrective actions agreed upon 
by management will be performed after three months or as per due date. 
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ANNEXURE C: ADMINISTRATIVE MATTERS 


Employee costs 

24. EX.37 - Leave Policy and leave discrepancies 
Audit finding 

S62(1)(c){i) of the MFMA states that the accounting officer of a municipality is responsible for 
managing the financial administration of the municipality, and must for this purpose take all 
reasonable steps to ensure that the municipality has and maintains effective, efficient and 
transparent systems of financial and risk management and internal control. 

During the audit of leave we have noted that the Municipality’s leave policy has not been approved. 


Furthermore, we have also noted that the following employees were absent from their place of 
work without prior approval by management or without appropriate authority of approval obtained 
before the leave is taken resulting in the non-compliance with section 62 {1) (c) (i) of the MFMA. 


No 

Employee 

No. 

Employee 

Name 

Date from 
Leave was 
Taken 

Date of 
Approval 

No Of Days 
Taken 

Reference 

1 

65450003 

Nxumalo C N 

2/8/2010 

10/8/2010 

5 

0004 

2 

70050016 

Cele R P 

17/12/2010 

20/12/2010 

1 

1482 

3 

70050017 

Magwaza VF 

13/01/2011 

24/01/2011 

2 

1496 

4 

70250006 

Biyela L E 

3/28/2011 

29/03/201 1 

1 

0596 

5 

75050014 

Mguni T B 

10/6/2011 

13/06/2011 

1 

2099 

6 

75100002 

Drews C S H 

14/06/2011 

22/06/2011 

3 

1436 

7 

80300033 

Nene S 

5/4/201 1 

19/04/2011 

1 

1999 

8 

85150003 

Ngema N 

8/11/2010 

29/11/2010 

M6 

0415 

g 

85150013 

Shange S M 

20/09/2010 

4/10/2010 

1 

^083 

10 

75050009 

Gobbelaar ME 

7/9/2010 

8/10/2010 

1 

0201 

ii 

70050006 

Xulu SM 

17/01/2011 

24/01/2011 

5 

0589 

12 

65050013 

Dlamini J G 

24/05/2011 

6/6/2011 

9 

2383 

13 

70250010 

Fakude N N 

9/7/2010 

12/7/2010 

1 

0562 

14 

80050001 

Dias J 

26/04/2011 

29/04/2011 

1 

1997 

15 

80100005 

Nsele M N 

17/06/2011 

13/06/2011 

1 

1745 

16 

80300012 

Mazibuko S 

18/10/2010 

1/12/2010 

1 

0643 

17 

85750001 

Khoza B N 

24/05/2010 

25/05/2010 

1 

0034 


In addition to the above discrepancy, the following employee took special leave and no supporting 
documentation was submitted to substantiate special leave. 


Employee No 

Employee Name 

No. of days 

Date 

Reference 

75050009 

GROBELAAR M E 

1 

14/09/2010 

0202 


This error represents 30% of the items tested. 







Internal control deficiency 

Leadership 

Inadequate establishment and communication of policies and procedures by the leadership to the 
employees to enable and support understanding, execution of internal control objectives, 
processes and responsibilities. 

Financial and performance management 

Inadequate reviews and monitoring of compliance by management for the design and 
implementation of policies and procedures as required by section 62(1) (c) (i) of the MFMA. 

Recommendation 

Leadership 

Adequate establishment and communication of policies and procedures by the leadership to the 
employees to enable and support understanding, execution of internal control objectives, 
processes and responsibilities. 


Financial and performance management 


Adequate reviews and monitoring of compliance should be performed by management for the 
design and implementation of policies and procedures as required by section 62(1) (c) (i) of the 


Management response 

It should be noted that the Council has endeavoured to adopt a leave policy which has been 
disputed by the Unions at the Local Labour Forum Meetings. A copy of the draft policy is attached. 
The Union (SAMWU) has advised that they have consulted with their Provincial Office and thev 
were advised that the policy on leave and procedures are only discussed at divisional/ barqainina 
level. In this regard the Council is still trying to amicably resolve the representation without conflict 
and will now engage the assistance of the South African Local Government Association (SALGA 


It is acknowledged that certain employees were absent from their place of work without prior 
approval by management, however it is incorrect to assume that no authority was provided bv the 
respective manager. In some cases emergency situations arise, where telephonic approval is 
granted to the staff member in specific cases should the leave requested be out of their control 

In an attempt to improve the leave system and records, the Council instituted a new leave book 
which includes carbon copies of leave forms. This was to ensure that the HR Department has 
record and further that the leave is captured timeously. What is evident js that the leave book is 
not always available to all staff members in a department as it may have been sent for capturinq to 
the HR Office or be in another staff member’s office which is not accessible y 
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In this regard Managers will be requested to ensure improved control over the leave book and 
further to ensure that leave is recorded for their staff prior to the leave being taken. Should an 
exceptional case arise, the Manager will be requested to make representation thereof on the leavp 
form to support the dates. 

The adoption of the Leave Policy and improved control measures will address further concerns 
with leave approvals. 

In respect of the Special Leave granted to Mrs M E Grobelaar, it is acknowledged that no 
supporting documents were presented. Improved control measures and training for Supervisors 
will be instituted to address the lack of documentation. The staff member attended a specialist 
doctor appointment with her son and did not obtain a doctor’s note as proof; however the 
appointment was verified verbally by the Supervisor. 

Auditor’s conclusion 

Management response has been noted and the implementation of these controls with the leave 
policy will be followed up during the 2011/12 financial year audit. 
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Payable 


25. EX.9 - Individual Accounts Payable Reconciliations 
Audit finding 

In terms of the MFMA section 65. 

(1) The accounting officer of a municipality is responsible for the management of the expenditure of 
the municipality. 

(2) The accounting officer must for the purpose of subsection (1) take all reasonable steps to 
ensure — 

(c) that the municipality has and maintains a system of internal control in respect of creditors and 
payments; 

During the audit of Accounts payable we have noted that there are individual payables that are not 
reconciled to a statement to ensure completeness of accounts payable 

The nature and impact is that the internal controls are not designed to address the preparation and 
review of the individual payables against the statements which could result in an overpayment / 
underpayment or incomplete accounts payable balances at year end. 

Internal control deficiency 

Financial and Performance management 

Inadequate controls implemented by management over the daily and monthly reconciliation of the 
accounts payable invoices to statements to ensure that the payable reconciliations are reconciled 
to supplier statements. 

Recommendation 

Financial and Performance management 

Adequate controls should be implemented by management over the daily and 

monthly reconciliation of the accounts payable invoices to statements to ensure that the payable 

reconciliations are reconciled to supplier statements. 

Management response 

The reconciliation of the supplier’s statement (external) with the accounting records (internal) will 
be investigated and implemented in the 201 1/2012 financial year. 

Buks Koster 
Deputy CFO 
11/11/2011 

Auditor’s conclusion 

Management response has been noted and this matter will be followed up in the 2011-12 year 




